Hello,
I'm trying to set up 2 virtual hosts with xradius authentication. My xradius module is loaded in:
/etc/httpd/conf.modules.d/00-xradius.conf
with
Code:
LoadModule auth_xradius_module modules/mod_auth_xradius.so
Now to the end of my httpd.conf file I append the following:
Code:
ServerName b-25-6crlab-ecr-1
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin root@syslog
        ServerAlias www.rsyslog.net
        DocumentRoot "/var/www/html/"
        SSLEngine On
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLOptions +StdEnvVars +OptRenegotiate
        SSLCertificateFile /etc/httpd/ssl/server.crt
        SSLCertificateKeyFile /etc/httpd/ssl/server.key
        <Directory "/var/www/html">
            SSLRequireSSL
            Require valid-user
            Options +ExecCGI
            Options ExecCGI FollowSymlinks
            AllowOverride None
        </Directory>
    </VirtualHost>
    <VirtualHost *:443>
        ServerAdmin root@ecr
        ServerAlias www.ecr.net
        DocumentRoot "/usr/share/cgit/"
        SSLEngine On
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLOptions +StdEnvVars +OptRenegotiate
        Alias /cgit-data /usr/share/cgit/
        ScriptAlias /cgit /var/www/cgi-bin/cgit
        SSLCertificateFile /etc/httpd/ssl/server.crt
        SSLCertificateKeyFile /etc/httpd/ssl/server.key
        <Directory "/usr/share/cgit">
            SSLRequireSSL
            Require valid-user
            Options +ExecCGI
            AddHandler cgi-script .cgi
            Options ExecCGI FollowSymlinks
            AllowOverride None
        </Directory>
    </VirtualHost>
</IfModule>
<VirtualHost *:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
The above config works fine. I'm able to access both webapps with https redirection. RADIUS is not in use at this point.
Now when I try to use the xradius module options, like so, it does not work. It just goes straight through without authentication:
Code:
ServerName b-25-6crlab-ecr-1
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin root@syslog
        ServerAlias www.rsyslog.net
        DocumentRoot "/var/www/html/"
        SSLEngine On
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLOptions +StdEnvVars +OptRenegotiate
        SSLCertificateFile /etc/httpd/ssl/server.crt
        SSLCertificateKeyFile /etc/httpd/ssl/server.key
        <Directory "/var/www/html">
            AuthXRadiusAddServer "10.x.x.x:1812" "super_awesome_secret"
            ## Time in Seconds to wait for replies from the RADIUS Servers
            AuthXRadiusTimeout 2
            AuthXRadiusRejectBlank on
            ## Number of times to resend a request to a server if no reply is received.
            AuthXRadiusRetries 2
            AuthType Basic
            AuthName "WHQ RADIUS"
            AuthBasicProvider xradius
            SSLRequireSSL
            Require valid-user
            Options +ExecCGI
            Options ExecCGI FollowSymlinks
            AllowOverride None
        </Directory>
    </VirtualHost>
    <VirtualHost *:443>
        ServerAdmin root@ecr
        ServerAlias www.ecr.net
        DocumentRoot "/usr/share/cgit/"
        SSLEngine On
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLOptions +StdEnvVars +OptRenegotiate
        Alias /cgit-data /usr/share/cgit/
        ScriptAlias /cgit /var/www/cgi-bin/cgit
        SSLCertificateFile /etc/httpd/ssl/server.crt
        SSLCertificateKeyFile /etc/httpd/ssl/server.key
        <Directory "/usr/share/cgit">
            AuthXRadiusAddServer "10.x.x.x:1812" "super_awesome_secret"
            ## Time in Seconds to wait for replies from the RADIUS Servers
            AuthXRadiusTimeout 2
            AuthXRadiusRejectBlank on
            ## Number of times to resend a request to a server if no reply is received.
            AuthXRadiusRetries 2
            AuthType Basic
            AuthName "WHQ RADIUS"
            AuthBasicProvider xradius
            SSLRequireSSL
            Require valid-user
            Options +ExecCGI
            AddHandler cgi-script .cgi
            Options ExecCGI FollowSymlinks
            AllowOverride None
        </Directory>
    </VirtualHost>
</IfModule>
<VirtualHost *:80>
    RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>
It gets even better!
So I move the above code (the one with xradius) to conf.d/cgit.conf and replace it entirely. xradius authenticates me and goes to "Unauthorized" if auth fails. When auth passes I'm redirected to the first virtualhost, but when I try to go to the second virtualhost I get:
"Not Found"
First VHOST is just
https://ip-address < which is fine
Second VHOST is
https://ip-address/cgit < Not found message
I'm not entirely familiar with Apache. I've set up a vhost before with xradius, but only with 1 vhost. Now I'm trying two.
Any input as to how to resolve the Xradius not working in the first scenario or "Not found" msg in the second would be very much appreciated.
Thank you in advance
Dave
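
Added example, not part of the original post: a simplified Python model of how Apache picks a name-based `<VirtualHost>` and maps a URL to a filesystem path, used to check whether the resulting path falls under a `<Directory>` block that demands a login. It only looks at `ServerName`/`ServerAlias`, `DocumentRoot`, `Alias`/`ScriptAlias` and `<Directory>` inside each vhost (global-scope config, `<Location>`, wildcards and `.htaccess` are ignored); the sample config is trimmed from the post and `192.0.2.10` is a constructed address.

```python
import re

# Constructed sample: the post's two vhosts, trimmed to routing and auth directives.
CONF = """
<VirtualHost *:443>
ServerAlias www.rsyslog.net
DocumentRoot "/var/www/html/"
<Directory "/var/www/html">
AuthType Basic
Require valid-user
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAlias www.ecr.net
DocumentRoot "/usr/share/cgit/"
Alias /cgit-data /usr/share/cgit/
ScriptAlias /cgit /var/www/cgi-bin/cgit
<Directory "/usr/share/cgit">
AuthType Basic
Require valid-user
</Directory>
</VirtualHost>
"""

def parse_vhosts(conf):
    """Yield one dict per <VirtualHost> block, in file order."""
    for body in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S):
        dirs = re.findall(r'<Directory "([^"]+)">(.*?)</Directory>', body, re.S)
        vh = {"names": [], "maps": [], "docroot": "", "auth_dirs": [
            p.rstrip("/") for p, b in dirs if "AuthType" in b and "Require" in b]}
        for line in body.splitlines():
            w = line.replace('"', "").split() or [""]
            if w[0] in ("ServerName", "ServerAlias"):
                vh["names"] += w[1:]
            elif w[0] in ("Alias", "ScriptAlias"):
                vh["maps"].append((w[1].rstrip("/"), w[2].rstrip("/")))
            elif w[0] == "DocumentRoot":
                vh["docroot"] = w[1].rstrip("/")
        yield vh

def resolve(vhosts, host, url):
    """Return (vhost index, filesystem path, covered by an auth <Directory>?)."""
    # A Host matching no ServerName/ServerAlias falls to the first vhost listed.
    idx = next((i for i, v in enumerate(vhosts) if host in v["names"]), 0)
    vh = vhosts[idx]
    fs = next((t + url[len(p):] for p, t in vh["maps"]
               if url == p or url.startswith(p + "/")), vh["docroot"] + url)
    guarded = any(fs == d or fs.startswith(d + "/") for d in vh["auth_dirs"])
    return idx, fs, guarded
```

With `vhosts = list(parse_vhosts(CONF))`, a request for `/cgit` addressed by IP resolves to the first vhost and the path `/var/www/html/cgit`, while the same URL sent with `Host: www.ecr.net` resolves to `/var/www/cgi-bin/cgit`, which lies outside the `<Directory "/usr/share/cgit">` block that carries the auth directives. On a live server, `httpd -S` prints the vhost order Apache actually parsed.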